On Mon, Aug 29, 2016 at 5:00 AM, Hubert Kario <hka...@redhat.com> wrote:
> we have enough problems weeding out implementation mistakes in TLS, we don't
> need yet another protocol and two dozen implementations that come with it

Strongly agreed. Focusing energy on getting "something" working for low-power devices is putting the cart before the horse. Security has to be a primary objective here, in the standards world in general and in CFRG in particular. We can surely consider tradeoffs---more frequent key rotations, security guarantees reduced in a well-defined way, shorter lifetimes for credentials, etc.---but these should be explicitly chosen, not determined after the fact based on what happened to be in our toolbox at the time.

Keeping 3DES around in a general-purpose protocol headed for standardization in spite of the known problems with small block sizes is almost certain to create more work in the coming years for everyone simply to benefit implementors of systems for which security is clearly not the primary concern.

From following the discussion, low power crypto seems like a research area at this point, not an implementation effort. (Of course, the flaws in whatever ill-advised schemes get implemented will generate their own research efforts and inevitable transitive trust problems with supposedly more-secure systems. Alas, we haven't yet figured out a way to keep people from generating sufficient rope to hang themselves with.)

Kyle
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls